While working on getting some Bluecoat devices to use FTPS, we discovered that the original certificates issued on the Log Collector would not work. The Bluecoat did not like the self-signed certificate for two reasons. First was that the certificate was not signed by a Certificate Authority other than itself (the Log Collector was the CA). Second, the common name (CN) was not an IP address or a hostname that was resolvable by DNS; it was the Puppet Node ID. To resolve this issue I used the Puppet CA (SA Server) to create a new certificate using the IP address as the CN. Then I had the Puppet CA certificate added to the Bluecoat trusted certificate store. We then configured the Bluecoat to send the logs to the IP address that matched the certificate, along with the proper user credentials, and it worked great. I have created this document and video to provide a guide on what was done to configure the Log Collector. Enjoy!
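A pre-check for the two rejection reasons described above, as an added example that is not part of the original post or of any vendor tooling. It assumes the `openssl` command line is available; the function names, file names, the address `192.0.2.10` and the node-ID-style CN are constructed for the demo.

```bash
#!/usr/bin/env bash
# Added example: all certificates, names and addresses here are constructed.

# cert_precheck CERT CA_BUNDLE EXPECTED_HOST
# Prints each finding; returns 0 only if every check passes.
cert_precheck() {
    local cert=$1 ca=$2 host=$3 rc=0 subject issuer cn
    subject=$(openssl x509 -in "$cert" -noout -subject | sed 's/^subject= *//')
    issuer=$(openssl x509 -in "$cert" -noout -issuer | sed 's/^issuer= *//')
    cn=$(openssl x509 -in "$cert" -noout -subject -nameopt multiline |
         sed -n 's/^ *commonName *= //p')

    # Reason 1: the certificate is its own issuer (self-signed).
    if [ "$subject" = "$issuer" ]; then
        echo "FAIL: self-signed (issuer equals subject)"; rc=1
    fi
    # The chain must validate against the CA loaded into the client's trust store.
    if ! openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1; then
        echo "FAIL: does not chain to $ca"; rc=1
    fi
    # Reason 2: the CN must be the address the client is configured to connect to.
    if [ "$cn" != "$host" ]; then
        echo "FAIL: CN '$cn' does not match '$host'"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $cert"
    return "$rc"
}

# make_demo_certs DIR: build a throwaway CA, a CA-signed cert with an IP as CN
# (good.pem) and a self-signed cert with a node-ID-style CN (bad.pem).
make_demo_certs() {
    local d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed Demo CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=constructed-node-id-0001" \
        -keyout "$d/bad.key" -out "$d/bad.pem" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=192.0.2.10" \
        -keyout "$d/good.key" -out "$d/good.csr" 2>/dev/null
    openssl x509 -req -in "$d/good.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/good.pem" 2>/dev/null
}

# Usage: d=$(mktemp -d); make_demo_certs "$d"
#        cert_precheck "$d/good.pem" "$d/ca.pem" 192.0.2.10
```

This checks only the CN, which is the field discussed above; a client that matches on subjectAltName needs that extension checked as well.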